From debbugs-submit-bounces@debbugs.gnu.org Mon May 19 15:31:20 2025 Received: (at submit) by debbugs.gnu.org; 19 May 2025 19:31:20 +0000 Received: from localhost ([127.0.0.1]:45197 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uH6Cl-0000QY-O0 for submit@debbugs.gnu.org; Mon, 19 May 2025 15:31:20 -0400 Received: from lists.gnu.org ([2001:470:142::17]:58182) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uH6Ci-0000PA-Qy for submit@debbugs.gnu.org; Mon, 19 May 2025 15:31:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uH6Ca-0002J0-VN for guix-patches@gnu.org; Mon, 19 May 2025 15:31:09 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uH6CZ-0000TO-OB; Mon, 19 May 2025 15:31:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=AmerM3DLS+9wfjtThK9XKUAtPmuKJ8kbQWKAXndjlAU=; b=ad9zqvsNG/i3fs /bP8K6GOjlz97F/+6OYnv84+fHguAs2Kxjt80OmhfcmUucU8+ldzwvrS3xYjBsXRT21EaNwK4bc82 0fxl1VzHCpO2IW17zbm/9szjt5CVQ6FkTYMROwVQxPHHZcxuVGdw+T8P5Lh2nNFEhEeq4dCafmHg2 CUQDXskfxuflDqAamvKu+K+7lHG7mAiBKvtg8lwM7SgIRAoGdb2irx6JLKvPZAMsOIVxpruGO9j32 9EmzSmW7iHpmB1ESDGLIufpKadyH7N4/9BFWXvhretyGvi0OosD+HxiRx6W2NrScgJRB9Xq7AuwJj 02/CPnG0S2YMPYnfen3w==; From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: guix-patches@gnu.org Subject: [PATCH] environment: Provide a writable /run/user/$UID. Date: Mon, 19 May 2025 21:30:53 +0200 Message-ID: X-Mailer: git-send-email 2.49.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Debbugs-Cc: Christopher Baines , Josselin Poiret , Ludovic Courtès , Mathieu Othacehe , Simon Tournier , Tobias Geerinckx-Rice Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: submit Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= , Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * guix/scripts/environment.scm (launch-environment/container): Add /run/user/UID to ‘file-systems’. * tests/guix-environment-container.sh: Test it. Change-Id: I44c70a7554a06f40d073c25929ea7c6ded356d08 --- guix/scripts/environment.scm | 5 +++++ tests/guix-environment-container.sh | 3 +++ 2 files changed, 8 insertions(+) Hello Guix! This may sound like a recurring joke but hey! when running shepherd in ‘guix shell -C’, I figured that a writable /run/user/$UID would be welcome too. Thoughts? Ludo’. diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm index 96bbc6c9fa..1c2d222c74 100644 --- a/guix/scripts/environment.scm +++ b/guix/scripts/environment.scm @@ -875,6 +875,11 @@ (define* (launch-environment/container #:key command bash user user-mappings reqs))) (file-systems (append %container-file-systems (list tmpfs ; RW /tmp + (file-system ; RW /run + (inherit tmpfs) + (mount-point + (string-append "/run/user/" + (number->string uid)))) (file-system ; RW ~ (device "none") (mount-point diff --git a/tests/guix-environment-container.sh b/tests/guix-environment-container.sh index e1c3655846..220e6b8ec8 100644 --- a/tests/guix-environment-container.sh +++ b/tests/guix-environment-container.sh @@ -203,6 +203,9 @@ guix environment --bootstrap --container --ad-hoc guile-bootstrap \ guix environment --bootstrap --container --ad-hoc guile-bootstrap \ -- guile -c '(mkdir (string-append (getenv "HOME") "/foo"))' +# And /run too! +guix environment --bootstrap --container --ad-hoc guile-bootstrap \ + -- guile -c '(mkdir "/run/user/1000/shepherd")' # Check the exit code. base-commit: 11e88de06043d367d02ceceade84733a65f84e27 -- 2.49.0 From debbugs-submit-bounces@debbugs.gnu.org Mon May 19 19:30:07 2025 Received: (at submit) by debbugs.gnu.org; 19 May 2025 23:30:07 +0000 Received: from localhost ([127.0.0.1]:47691 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uH9vn-0004fE-Cc for submit@debbugs.gnu.org; Mon, 19 May 2025 19:30:06 -0400 Received: from lists.gnu.org ([2001:470:142::17]:51366) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1uH9vk-0004e6-Dp for submit@debbugs.gnu.org; Mon, 19 May 2025 19:30:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1uH9ve-0000SA-Fo for guix-patches@gnu.org; Mon, 19 May 2025 19:29:54 -0400 Received: from wolfsden.cz ([37.205.8.62]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1uH9vc-0003eM-3L; Mon, 19 May 2025 19:29:54 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id C289026E48C; Mon, 19 May 2025 23:29:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1747697388; bh=KNJESlaWYn21PiNYknv3pRGDZj3ReEOJ8C0VvfqXhWY=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=mg9tBF5OEuHrE/F1WOz52LoZjGsJ2+N5w4b2cuY0BKPZcjvRMvU20tYkpFf6k8D1k jRZ5OunAjXu9k1WJ3hoxAgVXLVbXlW+YmKKlMPFovZD8IP74s1DXX464/jUnnhwEIm /5/A8/kLOzhfIhrizDiX4+TrpQTip5rOiKLdb2dfsWUC+VIdr0rdopWufnEOEFMOoO D2qdqyjcClc9+Eu3NwQA3RW++IJ/2Jcd+hia4/oGKYzdlx58OX9OW2lssTBBg6lq2R 7/3KUnqKZr8wKUdFOBvg0sSdFGgdhIeybmOGPkhEMZ3WcK3APX24+1odrBV7ceWfPr N7bDGRl4MEWAGNCBJsYIQNqqgFqkK5gEk7D0cvMVUG/gbSIPCxWUXM3rYacu0qN/1L HE7szuwJaZKz1KVzJnQLvOJJe74BdnZajZpjCFSlr/+UJVrPb7QQe4JwvEkgONMYuV FrJYPjJqOMpVkQJSy39kqmZKyCexbSM9PRW4c6LgXIxa1C1hHvGsS8MWlrwVTz/eiF zzNvfAMo8c/MsASIlDgAk9B+3PYD0/aU25LAzEc4xhbqN7W4wVlki1fyKVl2GYQ2hH 2mfTFR0FE1LQKmFzfehqp+bVm4GBqG4PXtbj2pkqgHEq0YTb5hOnvLCFQ9NHccFgwj D6MCh5BAury3roVcWZn0tiEA= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id E901026CED5; Mon, 19 May 2025 23:29:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1747697388; bh=KNJESlaWYn21PiNYknv3pRGDZj3ReEOJ8C0VvfqXhWY=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=mg9tBF5OEuHrE/F1WOz52LoZjGsJ2+N5w4b2cuY0BKPZcjvRMvU20tYkpFf6k8D1k jRZ5OunAjXu9k1WJ3hoxAgVXLVbXlW+YmKKlMPFovZD8IP74s1DXX464/jUnnhwEIm /5/A8/kLOzhfIhrizDiX4+TrpQTip5rOiKLdb2dfsWUC+VIdr0rdopWufnEOEFMOoO D2qdqyjcClc9+Eu3NwQA3RW++IJ/2Jcd+hia4/oGKYzdlx58OX9OW2lssTBBg6lq2R 7/3KUnqKZr8wKUdFOBvg0sSdFGgdhIeybmOGPkhEMZ3WcK3APX24+1odrBV7ceWfPr N7bDGRl4MEWAGNCBJsYIQNqqgFqkK5gEk7D0cvMVUG/gbSIPCxWUXM3rYacu0qN/1L HE7szuwJaZKz1KVzJnQLvOJJe74BdnZajZpjCFSlr/+UJVrPb7QQe4JwvEkgONMYuV FrJYPjJqOMpVkQJSy39kqmZKyCexbSM9PRW4c6LgXIxa1C1hHvGsS8MWlrwVTz/eiF zzNvfAMo8c/MsASIlDgAk9B+3PYD0/aU25LAzEc4xhbqN7W4wVlki1fyKVl2GYQ2hH 2mfTFR0FE1LQKmFzfehqp+bVm4GBqG4PXtbj2pkqgHEq0YTb5hOnvLCFQ9NHccFgwj D6MCh5BAury3roVcWZn0tiEA= From: Tomas Volf <~@wolfsden.cz> To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [PATCH] environment: Provide a writable /run/user/$UID. In-Reply-To: ("Ludovic =?utf-8?Q?Court=C3=A8s=22's?= message of "Mon, 19 May 2025 21:30:53 +0200") References: Mail-Followup-To: Ludovic =?utf-8?Q?Court=C3=A8s?= , guix-patches@gnu.org Date: Tue, 20 May 2025 01:29:47 +0200 Message-ID: <87y0usnpqs.fsf@wolfsden.cz> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=37.205.8.62; envelope-from=~@wolfsden.cz; helo=wolfsden.cz X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit Cc: guix-patches@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > * guix/scripts/environment.scm (launch-environment/container): Add > /run/user/UID to =E2=80=98file-systems=E2=80=99. > * tests/guix-environment-container.sh: Test it. > > Change-Id: I44c70a7554a06f40d073c25929ea7c6ded356d08 > --- > guix/scripts/environment.scm | 5 +++++ > tests/guix-environment-container.sh | 3 +++ > 2 files changed, 8 insertions(+) > > Hello Guix! > > This may sound like a recurring joke but hey! when running shepherd > in =E2=80=98guix shell -C=E2=80=99, I figured that a writable /run/user/$= UID would > be welcome too. > > Thoughts? I just wonder how many more we will need :) Cannot really think of any, so hopefully this is it? > > Ludo=E2=80=99. > > diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm > index 96bbc6c9fa..1c2d222c74 100644 > --- a/guix/scripts/environment.scm > +++ b/guix/scripts/environment.scm > @@ -875,6 +875,11 @@ (define* (launch-environment/container #:key command= bash user user-mappings > reqs))) > (file-systems (append %container-file-systems > (list tmpfs ; RW /tmp > + (file-system ; RW /run > + (inherit tmpfs) > + (mount-point > + (string-append "/run/user/" > + (number->strin= g uid)))) For normal users this is fine, but for root the whole /run should be writable, the way it is on normal system. Thoughts? > (file-system ; RW ~ > (device "none") > (mount-point > diff --git a/tests/guix-environment-container.sh b/tests/guix-environment= -container.sh > index e1c3655846..220e6b8ec8 100644 > --- a/tests/guix-environment-container.sh > +++ b/tests/guix-environment-container.sh > @@ -203,6 +203,9 @@ guix environment --bootstrap --container --ad-hoc gui= le-bootstrap \ > guix environment --bootstrap --container --ad-hoc guile-bootstrap \ > -- guile -c '(mkdir (string-append (getenv "HOME") "/foo"))' > > +# And /run too! > +guix environment --bootstrap --container --ad-hoc guile-bootstrap \ > + -- guile -c '(mkdir "/run/user/1000/shepherd")' > > # Check the exit code. > > > base-commit: 11e88de06043d367d02ceceade84733a65f84e27 Did not test, but looks good (and since it has the test, we know it works). Just left a comment for consideration. Reviewed-by: Tomas Volf <~@wolfsden.cz> =2D-=20 There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJCBAEBCgAsFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmgrvusOHH5Ad29sZnNk ZW4uY3oACgkQL7/ufbZ/wakJlBAAiecfq3yPFgaffZqpSmTzWv1qAWaYSgvsQFyq 5WhygtTVcQBbwyc7utI5GTDhPdJXG3zbe99u45ZQ7eJfb/FeT2EJiJUGIa5tqwU+ wo3puUhEoKQAEkBXG7vlyoX+Bpx2b1keFY+fUNX6keWKhloRc/0WAyUAYcrFoCYz tP1y16fmxNNlxAzqrBLFsn+tMarRPGq6ehCc3ljOlVJdpCKuNgzp3Fua3zi5Nhyp r9y68DC5wGRcJkNPhWLoHGCtWKLsaD6QSMzA5Z24c11c4+OJmj9/ReakahZ2JQT0 sPAr7IacRpvuuGI8ytJsawJ4dcS0+OSzph/E89RGLDUXfEI5cN8SpGjKkK7kS+rV KHvraWPba0uBgE4eNJQgQjaMR0ZfPIICZEvbg/pTAeRRBFNx7Q0fGH3ufbXgsn2F lWrXAMYuPkz+XCmq1zKURNU6DfbcAQkrihk7cccNdIwOIdnUvvjy3lrxmbNjztEw pxqzzfqmWjPGekh3GKDhkzuR0gUiIgc1Oou1PCNLxvVqzSk7t7Ytt/Lsio7BPIuG x93+on5VD6h+NU/5+QmAk7j+Zq06rxMQ24/ZoAiZ3RYu50F1rtDWR/Dp5Xp4QJlo r7+pdIyAV6XFnf3KFwf3S0LIUU68oOwOQhJiZdTS1h4PyiDCPMp1WwFu93UgORF+ dVcBknk= =YYJD -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue May 20 04:29:12 2025 Received: (at submit) by debbugs.gnu.org; 20 May 2025 08:29:13 +0000 Received: from localhost ([127.0.0.1]:53866 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uHILY-0006bY-Ir for submit@debbugs.gnu.org; Tue, 20 May 2025 04:29:12 -0400 Received: from lists.gnu.org ([2001:470:142::17]:46500) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uHILV-0006an-EE for submit@debbugs.gnu.org; Tue, 20 May 2025 04:29:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uHILO-0006df-Pl for guix-patches@gnu.org; Tue, 20 May 2025 04:29:02 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uHILO-0002RJ-GF for guix-patches@gnu.org; Tue, 20 May 2025 04:29:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=Futx6HZblyG096VH5VLacOb7SZvaaNzbjH8guQp5gWM=; b=T30itmPLVTBQ03UtzBW+ SaBySHio2AeDRIvFzuqvIoVc4vmACdofd/hRwKToz0DkMOiPSWELhMEYNjnd6UDjX09Hhpt2Vgbyr cWTmwE6rr3N313vf2PIaLiNuYgvA+zg/pr/3I106N0aA1RstCLaKB3ZpZno3/7mUC1X/nm9VzKL7C JP/OQKIakkCrsKP75K0pLvoFnE12H60LqP5doUM3PshzlcQnqbxAIzSVCFPRzN5oylTsW8Pf/1Pmj 8fmzXyTa8BIFYBXs2tpm8VhZJOKe1wAVPIopyjv6QMi1IumzE/O1R/vEuV/0FSZKnpG6t/0eDZD22 UdT9zxOxOXunSQ==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: guix-patches@gnu.org Subject: Re: [PATCH] environment: Provide a writable /run/user/$UID. In-Reply-To: <87y0usnpqs.fsf@wolfsden.cz> (Tomas Volf's message of "Tue, 20 May 2025 01:29:47 +0200") References: <87y0usnpqs.fsf@wolfsden.cz> User-Agent: mu4e 1.12.9; emacs 29.4 X-URL: https://people.bordeaux.inria.fr/lcourtes/ X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu X-Revolutionary-Date: Primidi 1 Prairial an 233 de la =?utf-8?Q?R=C3=A9vol?= =?utf-8?Q?ution=2C?= jour de la Luzerne Date: Tue, 20 May 2025 09:20:02 +0200 Message-ID: <87plg33g0t.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, Tomas Volf <~@wolfsden.cz> writes: > I just wonder how many more we will need :) Cannot really think of any, > so hopefully this is it? Hopefully! >> + (string-append "/run/user/" >> + (number->stri= ng uid)))) > > For normal users this is fine, but for root the whole /run should be > writable, the way it is on normal system. Thoughts? For root, the whole root file system should be writable. So I wonder if it makes sense to special-case the above to be =E2=80=9C/run= =E2=80=9D when UID is zero; WDYT? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue May 20 12:55:36 2025 Received: (at 78497) by debbugs.gnu.org; 20 May 2025 16:55:36 +0000 Received: from localhost ([127.0.0.1]:34149 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uHQFc-0000uq-HK for submit@debbugs.gnu.org; Tue, 20 May 2025 12:55:36 -0400 Received: from wolfsden.cz ([37.205.8.62]:33964) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1uHQFa-0000uU-KJ for 78497@debbugs.gnu.org; Tue, 20 May 2025 12:55:35 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 79CBE29942C; Tue, 20 May 2025 16:55:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1747760132; bh=VBu8xBVKh+OQlSnmOXCXJKd7hzRyzbaVbQvOmL44jDA=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=FKTm2EqbDD8ZOJz0Ez3Wj6kEurWibY19j0TcO/dOwYsc9vJQSZGysU9MbUyYyZpaX ng4w9p7JDIy16B5MZm46O6MArwvi8z7nJhsK2HXPg615svCLjeXga03a0/rxWZ6Ia9 4pHRwtzCaP4GvLHT2GfvUdB2NDLT8uNUG3Z3rqFuBvSfMNzX69jOQXH63LpVVAc4+/ +wL7GouUpQfZughwelapiYEbqAancWZehW8PSJpmSYWYuOUg2+1fvscFWZXjp6kbN3 LNdZjcw6hS+4dC+FC4qx3yzpyiFSr0ETwErSY5v+rTalXbdhQ0FWO6JgpXeXev5t+6 MMxXNimB2cbcdtPqPVj/mqr8DjMQqKBUcaoO7Hz9TPlwFB5KdqS78vsKUkl2nJmHnc vqAlriviSFe7EHNP2AnzXLJrSVnW0Xc15Wk5XQDNDeMhgEuvUFjp4IU+FFuZsswVi/ 6CW+ron897Gr9IBzDGUp1m087luFRrh0cxdqgh10b4YKRBaqR3xGKVK1iDtYfNUmRZ OEQnrVc+yPzqZzWSDC09TRurBi+pfEST5VNJEMjnfwe5kHsMLKoSV7HciTO1ORQFCx s9wjMyFNcnkqNbFkzYkttZaee2CvxMrQ8be34Ifppx/bBshOKAL2XPOGexS6WvEFBj eq5HBCNGGmVRR73NlJDOLPvY= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id A4864299F9B; Tue, 20 May 2025 16:55:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1747760131; bh=VBu8xBVKh+OQlSnmOXCXJKd7hzRyzbaVbQvOmL44jDA=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=FnTJ5HufLH2fU1dF3ShbC4ogmtTXuIR9lSOGjx1kljFPz/MYtC/gX33juJ1pFiOBA 21ZHhWxMdncqi5FJfxKdFgJS+mLRLhI7Rjv7akIVsOZ2QSPry8rSKIpKM5iDp65v3u z7rSwIc6RRantUAKI7m/PCIHiWtMk4rjy9FYPVM7AspyFZYXCC+p7jW/9nQKKk7tHV 6QS4X/9CKz6DhSwPk2QXagUYySKhxpT1WoZ3Xg4F4da+U1960oaAAHHWbjgtxJzIr7 4JgLGXQhIeOAmwBpIyo+y+FXzqCcOndAoBpZxmFaYoLbrWPckOf6YUGBT3FsLaz0Fw lx9XtIeRe+2joVeFCxeKgeqL+lbwGPdKi/fcOZ9vE27rLmBWPXp8xcLEQ22ifHT+K7 C/roJJ7dX2h1RbT8AKgsCwq912/M7kIr0UEhJjLu1fOxi4a2dO6i2S6cd2EASwElU+ PYyEJ8EbbXdEyVAsNVl36MhCXsOgwCgCZiiUARpQvUPWFQqhNA9Fm3Z0AVCyPe5Y8V Q6PrxUQTT7NZBJ1pgNY8Cf0uxzrKewgpMWr4a9wi3lVIFmrlFt0vpuTIigLoo/2bxC vANXTsN3hI1wRwkS3CqmM2gyzfMS3ROeGxJCYPF7JnQL6zpQnVBIzhJYCpmVx6yt+Y D5VKmI9txF6uGxnT5lvCv2AI= From: Tomas Volf <~@wolfsden.cz> To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#78497] [PATCH] environment: Provide a writable /run/user/$UID. In-Reply-To: <87plg33g0t.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Tue, 20 May 2025 09:20:02 +0200") References: <87y0usnpqs.fsf@wolfsden.cz> <87plg33g0t.fsf@gnu.org> Date: Tue, 20 May 2025 18:55:31 +0200 Message-ID: <87msb7nrwc.fsf@wolfsden.cz> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 78497 Cc: 78497@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: >> For normal users this is fine, but for root the whole /run should be >> writable, the way it is on normal system. Thoughts? > > For root, the whole root file system should be writable. Well... That would be one way to solve this. Default to --writable-root if UID is zero. > So I wonder if it makes sense to special-case the above to be =E2=80=9C/r= un=E2=80=9D > when UID is zero; WDYT? I was thinking about programs that are expected to be run as a root and have hard-coded PID file, lock file or something else under /run. But I have no example to put forward. So maybe your version is enough, and we can revisit this in another pass later if the need realizes? I do not really have a strong opinion either way here, just wanted to raise the point for consideration. Feel free to proceed with the original version. ^_^ Tomas =2D-=20 There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJCBAEBCgAsFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmgstAMOHH5Ad29sZnNk ZW4uY3oACgkQL7/ufbZ/wanLkBAAq/aPCS6uQU5MVybXcmJTzI1Ip/LbsV3EDwxJ zaQ5bL7ben+yrM2IczbWPm67AVrsgNMLey5xTKRCbSh4cnSOmMtvTlqWMN7cbVJy qcuWmxKrCOLh7iOKiUEvN/szmiou4IE+6qD8pjAwCuy+ifSD3pM/qSqiVd26am/Y 2yewiDzfWJFP3KF7tquzbEmOzI0zCJV+T6rwv5odyfQ90GLCkH2T6UdTNOOPRQVI y3gQ3oEWGjKEt8p23bmrbxwIg1Bj82oP5wIrRq521iTN61NQQeqYhBX9Y/wAKeJ9 +a6g0qSD/8u04UPvpG+uUvPBw1fLcaPY30CywZJ7eEIc664X5ALfAksWQULrSptt dPyAjyWpOwJbhKBlRbMWBN1a6zsThFX8tIrCapRAsaHrlUN/N0uz+QIXXH0Kmu6q Naj+XlxOEPmmyehAyP56Z/WDX79HTRfd4jvorqjI4xbxsuBhGo3nDfRWTBQeiF2/ GUHTBu0Ehm7M/u1cJIiNjC/9ZBJJpMX11S8/GgK2WMD93nQZ5SgDkPomclZfepuc LrwZaCGvhctE5AtU33wkqEbfCicMlfWwvn6cyLy8FDf+ZLedGtzv3sShGNqCJz8o stB8oel0B1SVdZZK4SU9MEkQn9qtd4Ym0R6+bZWCrGY78PrMopyC/znh6vxxikUS scRgGAI= =x8ad -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat May 24 09:40:11 2025 Received: (at 78497-done) by debbugs.gnu.org; 24 May 2025 13:40:11 +0000 Received: from localhost ([127.0.0.1]:59193 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uIp6g-0007km-Rq for submit@debbugs.gnu.org; Sat, 24 May 2025 09:40:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48982) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uIp6e-0007hG-Py for 78497-done@debbugs.gnu.org; Sat, 24 May 2025 09:40:09 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uIp6Y-0001k7-9r; Sat, 24 May 2025 09:40:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=8tpopiYQE0UN0ALe6a/5NajLIIxs1r2zIMM/asngzko=; b=iKF8G9lpgASKM21hepLG /TcPrtQwjGFShhA3pPfr363tXnoXAjRZbNBVllcKz47SLdNNsivCX7bZt2Omh6FvEcPXmJmzk4LPN UfaafLhMcJ0fc6Aww0HAwsnPJ+onTTZ0XhI3v/ebovRISpzM+/bbBthnSnuZXOL0Elvx+KKGm00nY /QuKViBFaubQlyHpoNVZOe2zQlANRpcHE+YqSUZdeI2XCulAQaaBEItsdS2netfNwLtrvwbnPMoOJ v4wofcgoyDDDLzpCv0bWgReT7QjVkPkCiBfQs1/S91/N1XFqggo89lVFxOch6aicb8J6acwT204Cl YGcyBYFpXpAxyg==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Tomas Volf <~@wolfsden.cz> Subject: Re: [bug#78497] [PATCH] environment: Provide a writable /run/user/$UID. In-Reply-To: <87msb7nrwc.fsf@wolfsden.cz> (Tomas Volf's message of "Tue, 20 May 2025 18:55:31 +0200") References: <87y0usnpqs.fsf@wolfsden.cz> <87plg33g0t.fsf@gnu.org> <87msb7nrwc.fsf@wolfsden.cz> Date: Sat, 24 May 2025 15:39:43 +0200 Message-ID: <87v7pq2km8.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 78497-done Cc: 78497-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Tomas Volf <~@wolfsden.cz> writes: > Ludovic Court=C3=A8s writes: > >>> For normal users this is fine, but for root the whole /run should be >>> writable, the way it is on normal system. Thoughts? >> >> For root, the whole root file system should be writable. > > Well... That would be one way to solve this. Default to --writable-root > if UID is zero. > >> So I wonder if it makes sense to special-case the above to be =E2=80=9C/= run=E2=80=9D >> when UID is zero; WDYT? > > I was thinking about programs that are expected to be run as a root and > have hard-coded PID file, lock file or something else under /run. But I > have no example to put forward. So maybe your version is enough, and we > can revisit this in another pass later if the need realizes? Yeah, probably. Pushed as f8527e7f2044ec7bb19efcb25158ec7aa0fe5fa3. Let=E2=80=99s see if we need something else now. :-) I=E2=80=99m less con= cerned about guest UID zero, because that=E2=80=99s probably an uncommon use case. Thanks! Ludo=E2=80=99.